PT-2021-23808 · Zoho · Zoho ManageEngine SupportCenter Plus

Published: 2021-11-30 · Updated: 2022-04-27 · CVE-2021-43296

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zoho ManageEngine SupportCenter Plus versions prior to 11016

Description

The issue is a Server-Side Request Forgery (SSRF) vulnerability in the ActionExecutor. This type of attack allows an attacker to trick the server into making requests to unintended locations, potentially leading to unauthorized access or data exposure.

Recommendations

For versions prior to 11016, update to version 11016 or later to resolve the issue. As a temporary workaround, consider restricting access to the ActionExecutor to minimize the risk of exploitation.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2021-43296

Affected Products

Zoho ManageEngine SupportCenter Plus